SCMP - Monday, July 25, 2005
Cyber-worm spies made in China

AGENCE FRANCE-PRESSE in Washington

Cyberspace is fast becoming a new battleground between the US and the mainland, with growing concerns over Chinese industrial espionage through computer worms, security experts say.

At least one "Trojan horse" program used to steal files from infected computers has been traced to servers in China, providing further evidence that US companies may be targets, say analysts.

Security firms have long been concerned about malicious software used to steal files or passwords. But some newer programs seem designed as a more sophisticated and targeted effort.

Joe Stewart, a researcher at US security firm Lurhq, said that by reverse-engineering a recent PC worm known as Myfip, he found a clear connection to China.

"All the e-mails we've traced back with this particular attachment came from a single address in China," said Mr Stewart, adding it was "highly likely" that the program was used for espionage against US hi-tech and manufacturing companies.

Mr Stewart said the program appeared to have been originally developed to steal student exam papers and then expanded to copy many types of documents, including computer-assisted drawings and Microsoft Word files.

Forbes, which first reported the Chinese origin of Myfip, said the worm had been propagating by spam e-mails that activate the program when recipients click on attachments. The magazine said about a dozen versions had been used to steal sensitive documents including mechanical designs and circuit-board layouts.

Analysts said tracking attacks or malicious software can be tricky because the origins can be disguised. But Marcus Sachs, of SRI International - who also directs the industry-academic Sans Internet Storm Centre that monitors cyber attacks - said the evidence against China was solid.

"I believe firmly that the Chinese are using tools like Myfip to conduct industrial espionage on the US and other industrial countries that have mature data networks."
Mr Sachs said the latest malicious software, or "malware", represents a new strategy by the programs' creators.

"Most of the credit card theft, money laundering and fraud is coming from Russia or former Soviet Union countries," he said. "The Chinese seem to be a bit more clever in covering their tracks and are more likely conducting covert raids for corporate secrets."

However, the techniques may not be limited to industrial espionage. Some analysts said similar malware might target government agencies in a bid to steal other types of secrets.

Online newsletter SecurityFocus said a wave of cyber attacks that hit Britain last month may have been part of an effort to obtain government documents from British and US agencies.